IP

Monday, August 22, 2011

.NET Framework Rootkits


The whitepaper .NET Framework rootkits - backdoors inside your framework.pdf covers various ways to develop rootkits for the .NET Framework, so that every EXE/DLL that runs on a modified Framework behaves differently from what it is supposed to do. Code reviews will not detect backdoors installed inside the Framework, since the payload is not in the code itself but inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, to disable security checks and to perform other nasty things as described in this paper.


This paper also introduces .NET-Sploit 1.0 - a new tool for building MSIL rootkits that will enable the user to inject preloaded/custom payload to the Framework core DLL.

Download and more info

Vbootkit 2.0



Vbootkit 2.0 is now open-source


Two security researchers open-source code that can be used to take control of versions of the Microsoft Windows 7 x64 operating system. The team decided to release the code despite initial reservations over security.

Vbootkit 2.0 Attacking Windows 7 (x64) via Boot Sectors presentation

Download Vbootkit 2.0 source code 

Swimming into Trojan and Rootkit GameThief.Win32.Magania Hostile Code



Trojan-GameThief.Win32.Magania, according to the Kaspersky naming convention, monitors user activities, trying to obtain valuable information from the affected user, especially gaming login accounts. This long tutorial analyzes this malware but is also a general document which explains how to analyze a modern nested-dolls malware.


In this paper we will analyse more deeply the structure of this malware, especially the polymorphic part that represents a typical sample of hostile code. Starting from the first load into IDA, we can see that Magania's PE structure and Import Table are destroyed; this is how it looks from WinGraph:


Download PDF

2009 Protecting OSs from RootKits

Countering Kernel Rootkits with Lightweight Hook Protection

Kernel rootkits have posed serious security threats due to their stealthy manner. To hide their presence and activities, many rootkits hijack control flows by modifying control data or hooks in the kernel space. A critical step towards eliminating rootkits is to protect such hooks from being hijacked. However, it remains a challenge because there exist a large number of widely-scattered kernel hooks, and many of them could be dynamically allocated from the kernel heap and co-located together with other kernel data. In addition, there is a lack of flexible commodity hardware support, leading to the so-called protection granularity gap: kernel hook protection requires byte-level granularity, but commodity hardware only provides page-level protection.

Source: Schneier on Security

Download PDF

Stoned Bootkit


The Stoned Bootkit is a rootkit that is booted before the main operating system and is able to stay and hide itself in memory during execution of the guest operating system. The payload is executed beside the running operating system and comes with the bootkit. Stoned is designed to be operating system independent; it is multiplatform. It currently supports all 32-bit and 64-bit Windows systems and Linux.

It allows a very wide abstraction of the program and the running base, which means it is a new deployment platform for software. The current proof of concept payloads are a local privilege escalation and a remote surveillance tool. The platform, however, is open for future third-party development.

The bootkit itself has an integrated module and plugin structure which allows extending its core features without touching the core code. New in this version is that it is totally independent from media, it can be started from hard disk (master boot record), but also CD/DVD/BD or even over the network.

Download PDF

Tuluka kernel inspector v1.0.394.77










Tuluka is a new powerful AntiRootkit, which has the following features:




Detects hidden processes, drivers and devices
Detects IRP hooks
Identifies the substitution of certain fields in DRIVER_OBJECT structure
Checks driver signatures
Detects and restores SSDT hooks
Detects suspicious descriptors in GDT
IDT hook detection
SYSENTER hook detection
Displays list of system threads and allows you to suspend them
IAT and Inline hook detection
and much more ...

Download: http://www.tuluka.org

More Info: http://www.rootkit.com

Sunday, August 21, 2011

XSS Street-Fight: The Only Rule Is There Are No Rules


XSS Introduction

Attack: XSS
  - Attacker can send data through web applications that will execute code within the victim’s web browser
  - It is an interpreter attack against the web browser
Application Defects: Improper Output Handling
  - Application does not properly apply contextual output encoding/escaping of user-supplied data
Types:
  - Reflected, Stored and DOM
Consequences:
  - Session Hijacking, Malware Installation, Fraud (CSRF)
Remediation: Contextual Output Encoding
  - Must escape differently depending on where data is displayed on the page
  - HTML, HTML Attribute, URL, JavaScript, CSS
Reference: OWASP XSS Cheatsheet
http://www.owasp.org

Download: PDF

XSS Rays - Google Chrome Browser Extensions

Complete XSS reversing/scanner tool. Find how a site is filtering code, check for injections and inspect objects.

XSS Rays is a security tool to help pen test large web sites. Its core features include an XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don't have the source? No problem. XSS Rays will blackbox reverse an XSS filter without needing the source code.

You can also extract/view and edit forms non-destructively that normally can't be edited. For example, if you want to modify the value of a checkbox without changing its type, XSS Rays can link to the object and allow you to change the value without altering the original object.

Using the object inspector you can browse through the window object and edit the contents of the functions in real time allowing you to dissect a web page and understand more how it works. This also works with globally defined functions, you can see which functions the developer has decided to place within the window object. 


Download: https://chrome.google.com

More info: http://www.thespanner.co.uk

DOMXSS Scanner


What is DOMXSS Scanner?

DOMXSS Scanner is an online tool that helps you find potential DOM based XSS security vulnerabilities. Enter a URL to scan the document and the included scripts for DOMXSS sources and sinks in the source code of Web pages and JavaScript files. More about DOMXSS Scanner.

What is DOM Based XSS?

DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.

http://www.domxssscanner.com

OWASP AntiSamy v.1.4.4 Released


The OWASP AntiSamy project is an API for safely allowing users to supply their own HTML and CSS without exposure to XSS vulnerabilities. 

The biggest move of this release is to officially change the default parser/serializer from the DOM engine to the SAX engine. We’ve had two engines for the past few versions, but maintaining two engines concurrently is kinda crazy. The SAX version is twice as fast and much better on memory. Even though all of our test cases pass for both engines, I still anticipate some growing pains in the SAX version, which is why I think most critical applications should stick to 1.4.3 for now.

Changelist:
-fixed error message not sanitizing CDATA payloads when encountered (should only concern you if you use error messages + exactly version 1.4.3)
-tags that are allowed to be empty are no longer hardcoded and can be set in the policy file (), with a safe default list if none are provided
-continued to try to make SAX and DOM version semantically if not literally identical output
-added test cases to regression
-fixed Julian Cohen’s privately reported stack exhaustion bug by applying a tree depth check (the max depth of a DOM tree is now 250)
-no longer Java 1.4 compatible

Download: http://code.google.com

Web application vulnerabilities in context of browser extensions


2: Opera 

Intro
Let's continue to research possible security problems in case of using popular web technologies in browser extensions. Opera is one of the most powerful web browsers today. It has fast rendering and JavaScript engines and a lot of other useful features. For a long time Opera was an all-in-one thing in opposition to Mozilla Firefox with its addons. But now when one more strong player called Google Chrome comes into the game in the browser market, Opera decided to support extensions too (yes-yes, I remember about Opera widgets).

Download: PDF

AntiXSS v.4.0 Released

Microsoft Anti-Cross Site Scripting Library V4.0

The Microsoft Anti-Cross Site Scripting Library V4.0 (AntiXSS V4.0) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.

New features in this version of the Microsoft Anti-Cross Site Scripting Library include:
- A customizable safe list for HTML and XML encoding
- Performance improvements
- Support for Medium Trust ASP.NET applications
- HTML Named Entity Support
- Invalid Unicode detection
- Improved Surrogate Character Support for HTML and XML encoding
- LDAP Encoding Improvements
- application/x-www-form-urlencoded encoding support

Download: 
http://www.microsoft.com

DOMinator - The DOM XSS Analyzer Tool


What is DOMinator?

DOMinator is a Firefox-based software for analysis and identification of DOM Based Cross Site Scripting issues (DOMXss). It is the first runtime tool which can help security testers to identify DOMXss.




How it works?

It uses a dynamic runtime tainting model on strings and can trace back taint propagation operations in order to understand if a DOMXss vulnerability is actually exploitable. You can have an introduction about the implementation flow and some interface description here

What are the possibilities?

In the topics of DOMXss possibilities are quite infinite. At the moment DOMinator can help in identifying reflected DOM Based Xss, but there is potential to extend it to stored DOMXss analysis.


Download: http://code.google.com

Socially-Engineered XSS Attacks


When the IE team talks about Cross-Site-Scripting (XSS) attacks, we’ve usually grouped them into three categories:

Type 0: DOM-based XSS
Type 1: “Reflected” XSS
Type 2: Persistent/Stored XSS

DOM-APIs like toStaticHTML enable pages to protect themselves against Type 0 attacks. The Internet Explorer XSS Filter can block Type 1 attacks by detecting reflected script and neutering it. Servers can protect themselves against Type 2 attacks using the Anti-XSS library to sanitize stored data.

It turns out, however, that there’s a fourth type of XSS attack: Socially-engineered XSS. In a socially-engineered XSS attack, the user is tricked into running an attacker’s JavaScript code in the context of the victim site. Even if a site follows best-practices to block XSS Types 0, 1 and 2, they may still be vulnerable to Socially Engineered XSS attacks.

Such attacks work in the same way as most socially-engineered attacks, by attacking the weakest link in browser security—the user’s trust. The attacks request that the user perform a series of operations (often using keyboard key combinations) that result in a JavaScript URL being entered in the address bar and invoked. JavaScript URIs entered in this way execute in the context of the currently loaded page. Users are tricked into following these instructions with the promise of some reward (e.g. free “points” for games, “secret” information about other users, etc).


More: http://blogs.msdn.com

Cookiejacking Attack Technique


Cookiejacking is a UI redressing attack that allows an attacker to hijack his victim's cookies without any XSS.

Clickjacking attacks have been widely adopted by attackers worldwide on popular websites (e.g. Facebook) in order to perform some drive to download attacks, click forging, message sending and so on.

In previous works on the same matter, new approaches on UI redressing attacks emerged, showing the possibility to steal victims' webpage contents. In this presentation I will demonstrate a new kind of attack that can be used to exploit a 0-day vulnerability affecting all Internet Explorer versions over every Windows OS installation. The attack leverages on a UI redressing approach and allows an attacker to steal session cookies from whatever site a victim is visiting. This new approach really moves UI redressing attacks a step further.


More info and demo: https://sites.google.com/site/tentacoloviola/cookiejacking

Friday, August 19, 2011

XSSF - Cross-Site Scripting Framework v.2.0 Released

The Cross-Site Scripting Framework (XSSF) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes.

XSSF allows creating a communication channel with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.

XSSF provides a powerful documented API, which facilitates development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser-based exploits easily from an XSS vulnerability.


Download: https://code.google.com

Video demo: http://www.youtube.com



OWASP Zed Attack Proxy v.1.3.1 Released


The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Download: https://www.owasp.org

Changelog: https://code.google.com


Harvesting Cross Site Scripting (XSS) Victims - Clicks, Keystrokes and Cookies


A couple of years ago I was inspired by @fmavituna's work on XSS Shell and decided to write a new extended version (XSS-Shell-NG) using a PHP and a MySQL backend rather than the ASP/Access combination of the original. I never released the tool publicly, as my main aim of making XSS Shell easier to use was never really accomplished; it still required a significant amount of set up to get it working. However, one thing that both tools did well once working was to demonstrate the real business impact of cross-site scripting.

To demonstrate the real business impact of cross site scripting I have developed a completely new tool from the ground up - XSS-Harvest. It is a multi-threaded pre-forking web server written in Perl, and requires no dependencies other than a couple of common Perl modules; you do not need a web server or database to use this tool. Before going into the detail, I'll list the high level functionality below:

See: http://www.0x90.co.uk

Download XSS-Harvest : https://docs.google.com


5 Things Every Beginner Hacker Should Know


5 Most Common Mistakes Made by Beginners in the Field of Hacking
This post is for everyone out there who actually wants to become a true hacker:
1) Never trust sites that ask you for money in return for hacking software, or that claim to hack email IDs in return for money. All such things are scams. Nothing works.
2) There is NO DIRECT SOFTWARE to hack Facebook, Google, Yahoo or any other big website. All the software that claims to do so is a scam. It is just meant to take your money and, in worse cases, it has trojans or keyloggers in it. As a result, your account gets hacked while you are trying to hack others.
3) NEVER EVER use the keyloggers or trojans you find as freeware on the internet. Hackers are not fools. They bundle keyloggers and trojans with almost any such software, and when you install it, you are already hacked before even trying to hack others.
4) You are never going to be a good hacker without knowledge of programming and scripting languages. When you use only ready-made software and depend on it for hacking anything, your functionality is limited to the functionality of the software. When you are not going to use your brain and are just doing the copy-paste thing, how can you even think of being a good hacker?
5) If you are a good hacker, you already become a good programmer, a good script writer, a good web developer and an excellent security expert. Any good hacker will/should have good knowledge of various aspects and programming languages. To do XSS (Cross Site Scripting), PHP injection, SQL injection, phishing, footprinting etc., you will have to be good at programming and scripting. And when you know the various loopholes, vulnerabilities and security tips, you already become a computer security expert.
So never ever underestimate the term hacker. A hacker is not a person who just hacks email IDs or servers; a true hacker is a computer genius who has more knowledge of computers than anyone.
Next time, think before asking the question – “How much will I get in this field?” – because if you have so many skills, you really don’t have to run after money. Success comes and money follows by itself.

How To Protect Yourself from a hack;; Any Password On Any Site Using Javascript

Website Hacking

Hack any Java class using Reflection


Ever wondered what evil power can be unleashed when using reflection? Do you think private methods are really only accessible from within the declaring class? Do you think that a private field can only be modified from within the declaring class? No? That's what I thought!! In this blog, I will try to demonstrate that it is always important to correctly set the security properties of your applications. For instance, let's look at the following example where we successfully retrieve a private password from another class:



class A {
  // Private static method: normally callable only from inside A
  private static String getPassword() {
    return "someHighlyPreciousPassword";
  }
}

public class Test {
  public static void main(String[] args) throws Exception {
    Class<?> cl = Class.forName("A");
    java.lang.reflect.Method[] m = cl.getDeclaredMethods();
    // setAccessible(true) switches off the Java language access check
    m[0].setAccessible(true);
    // Static method without parameters: null receiver, no arguments
    String password = (String) m[0].invoke(null);
    System.out.println("I got it: " + password);
  }
}

Output:
I got it: someHighlyPreciousPassword
 



Ok, the example is not really sexy. Let's mess up a class that implements the Singleton pattern. In the normal case, a singleton object is supposed to be the only instance of a given class. To achieve this, we usually declare the class constructor private, so that no one can invoke it. Well, as demonstrated below, with reflection we can bypass this restriction and create a second "singleton object".



class A {
  public static final A singleton = new A("I'm the only instance of class A");
  private String name;

  // Private constructor: intended to make 'singleton' the only instance
  private A(String name) {
    this.name = name;
  }

  public String toString() {
    return this.name;
  }
}

public class Test {
  public static void main(String[] args) throws Exception {
    Class<?> cl = Class.forName("A");
    java.lang.reflect.Constructor<?>[] c = cl.getDeclaredConstructors();
    // Lift the access check on the private constructor
    c[0].setAccessible(true);
    A anotherA = (A) c[0].newInstance("Not anymore!!");
    System.out.println(A.singleton);
    System.out.println(anotherA);
  }
}

Output:
I'm the only instance of class A
Not anymore!!
 



Using this technique, you can create an instance of any non-abstract class, even if all its constructors are declared private. For instance, below we create an instance of the Math class even though it is useless since the Math class has no instance method. Still, it is possible to do it.



public class Test {
  public static void main(String[] args) throws Exception {
    Class<?> cl = Class.forName("java.lang.Math");
    java.lang.reflect.Constructor<?>[] c = cl.getDeclaredConstructors();
    // On JDK 17 and later this call throws InaccessibleObjectException
    // unless java.lang is opened with --add-opens java.base/java.lang=ALL-UNNAMED
    c[0].setAccessible(true);
    // Math's only constructor takes no arguments
    Math mathInstance = (Math) c[0].newInstance();
    System.out.println(mathInstance);
  }
}

Output:
java.lang.Math@1cde100
 



Finally, let's mess with the Runtime class, which has one private static field for storing the current Runtime instance. This is another example of a badly implemented singleton class. Let's look at the code below. We first retrieve the current runtime object and display it (3-4). Then, we set the Runtime.currentRuntime static field to null, which means that all successive calls to Runtime.getRuntime() will yield null (6-9) since currentRuntime is initialized at class loading time. We then get the currentRuntime field again and display its value (11-12). And finally, we try to use the current runtime to execute a command for displaying the content of the current directory (14). The output speaks for itself.



1.  public class Test {
2.    public static void main(String[] args) throws Exception {
3.      Runtime r = Runtime.getRuntime();
4.      System.out.println("Before: Runtime.getRuntime() yields " + r);
5.
6.      Class cl = Class.forName("java.lang.Runtime");
7.      java.lang.reflect.Field f = cl.getDeclaredField("currentRuntime");
8.      f.setAccessible(true);
9.      f.set(null, null);
10.
11.     r = Runtime.getRuntime();
12.     System.out.println("After: Runtime.getRuntime() yields " + r);
13.
14.     r.exec("dir"); //raises NullPointerException!!
15.   }
16. }
  
Output:
Before: Runtime.getRuntime() yields java.lang.Runtime@cac268
After: Runtime.getRuntime() yields null
Exception in thread "main" java.lang.NullPointerException
       at Test.main(Test.java:59)
 



All this could have been avoided if the currentRuntime field had been declared final. Nothing prevents setAccessible(true) from being called on the field (8), but when the set(null, null) method is called, IllegalAccessException is thrown with the message "Field is final".
I'm pretty sure that there is a huge amount of code out there that could be broken this way. Watch out!!
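
The two defences the examples above call for, a static final instance field and a constructor that refuses a second instance, shown as an added example that is not part of the original post. The Registry and Settings types and the method names are hypothetical, and the enum singleton goes slightly beyond what the post covers.

```java
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;

// Added example: all class and member names here are hypothetical, not from the post.
public class ReflectionHardeningDemo {

    // Singleton hardened in the two ways the post's examples call for.
    static final class Registry {
        // static final: Field.set() refuses to overwrite it, even after setAccessible(true).
        private static final Registry INSTANCE = new Registry("the only Registry");
        private final String name;

        private Registry(String name) {
            // INSTANCE is still null only while the static initializer above runs;
            // any later call (reflection included) finds it set and is rejected.
            if (INSTANCE != null) {
                throw new IllegalStateException("Registry is a singleton");
            }
            this.name = name;
        }

        static Registry get() { return INSTANCE; }

        @Override public String toString() { return name; }
    }

    // Enum singleton: Constructor.newInstance() rejects enum types outright.
    enum Settings { INSTANCE }

    // Mirrors the post's Runtime.currentRuntime overwrite, against a final field.
    static String tryOverwriteField() throws Exception {
        Field f = Registry.class.getDeclaredField("INSTANCE");
        f.setAccessible(true);
        try {
            f.set(null, null);
            return "overwritten";
        } catch (IllegalAccessException e) {
            return "blocked: " + e.getClass().getSimpleName();
        }
    }

    // Mirrors the post's second-singleton trick, against the guarded constructor.
    static String trySecondInstance() throws Exception {
        Constructor<?> c = Registry.class.getDeclaredConstructors()[0];
        c.setAccessible(true);
        try {
            return "created: " + c.newInstance("Not anymore!!");
        } catch (InvocationTargetException e) {
            // The guard's exception arrives wrapped by the reflection layer.
            return "blocked: " + e.getCause().getClass().getSimpleName();
        }
    }

    // Same trick against the enum singleton.
    static String trySecondEnumConstant() throws Exception {
        Constructor<?> c = Settings.class.getDeclaredConstructors()[0];
        c.setAccessible(true);
        try {
            // Enum constructors take the hidden (name, ordinal) parameters.
            return "created: " + c.newInstance("SECOND", 1);
        } catch (IllegalArgumentException e) {
            return "blocked: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("overwrite static final field: " + tryOverwriteField());
        System.out.println("second Registry instance:     " + trySecondInstance());
        System.out.println("second enum constant:         " + trySecondEnumConstant());
        System.out.println("Registry.get() still yields:  " + Registry.get());
    }
}
```

On JDK 17 and later the module system additionally rejects setAccessible(true) on private members of java.lang classes such as Runtime unless the package is opened with --add-opens.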

Google Hacking of Oracle Technologies V1.02 - by Red-Database-Security GmbH


Database Logins  
iSQL*Plus is the web version of SQL*Plus, the default user interface for the Oracle database.


iSQL*Plus 
http://www.google.com/search? l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus&btnG=Search


iSQL*Plus 9.2 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2&btnG=Search


iSQL*Plus 9.2.0.1 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.1&btnG=Search


iSQL*Plus 9.2.0.2 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.2&btnG=Search


iSQL*Plus 9.2.0.3 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.3&btnG=Search


iSQL*Plus 9.2.0.4 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.4&btnG=Search


iSQL*Plus 9.2.0.5 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.5&btnG=Search


iSQL*Plus 9.2.0.6 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A9.2.0.6&btnG=SearchGoogle Hacking of Oracle Technologies V1.02 


iSQL*Plus 10.1 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1&btnG=Search


iSQL*Plus 10.1.0.1 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1.0.1&btnG=Search


iSQL*Plus 10.1.0.2 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1.0.2&btnG=Search


iSQL*Plus 10.1.0.3 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1.0.3&btnG=Search


iSQL*Plus 10.1.0.4 
http://www.google.com/search?l=en&lr=&c2coff=1&q=intitle%3AiSQL+intitle%3ARelease+inurl
%3Aisqlplus+intitle%3A10.1.0.4&btnG=Search                                


Oracle Application Server: 
iAS Demopages 
http://www.google.de/search?num=100&q=++%22inurl%3A%2FiASDemos.htm%22
http://www.google.de/search?num=100&q=++%22inurl%3A%2FJ2EEandIA.htm%22


Oracle Forms 
Oracle Forms 6i (using CGI) 
http://www.google.com/search?q=+inurl%3Af60cgi&btnG=Search&num=100
http://www.google.com/search?num=100&hl=de&c2coff=1&q=+inurl%3Aifcgi60


Oracle Forms 6i (using Servlets) 
http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=inurl%3Af60servlet


Oracle Forms 9i 
http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=inurl%3Af90servlet
Oracle Reports 


Oracle Reports 6i 
http://www.google.com/search?num=100&q=+inurl%3Arwcgi60


Oracle Reports 9i 
http://www.google.com/search?q=%22inurl%3Arwservlet%22+%22inurl%3Areports%22&num=10


Oracle Discoverer 
Oracle Discoverer 9i Viewer 
http://www.google.com/search?num=100&q=%22inurl%3Adiscoverer%2Fviewer%22


Oracle Discoverer 9i Plus  
http://www.google.com/search?num=100&q=%22inurl%3Adiscoverer%2Fplus%22


Oracle Discoverer 10g 
http://www.google.com/search?num=100&q=%22inurl%3Adiscoverer%2Fapp%22


Oracle HTTP Server 
Browsable Oracle HTTP Server Directories 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22


Oracle HTTP Server 1.3.12 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22+1.3.12


Oracle HTTP Server 1.3.19 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22+1.3.19


Oracle HTTP Server 1.3.22 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22+1.3.22


Oracle HTTP Server 1.3.28 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22+1.3.28


Oracle HTTP Server 10g 
http://www.google.com/search?num=100&q=%22Index+of%22++%22Oracle-HTTPServer%22+Server+at+Port+%22Last+modified%22++%22Oracle-Application-Server-10g%22


Oracle HTTP Server with 300-Error Message
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+%22intitle%3A300


Oracle HTTP Server with 302-Error Message
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+%22intitle%3A302


Oracle HTTP Server with 401-Error Message
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+%22intitle%3A401%22


Oracle HTTP Server with 403-Error Message
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+%22intitle%3A403%22


Oracle HTTP Server with 404-Error Message
http://www.google.de/search?num=100&q=%22Oracle+HTTP+Server+Powered+by+Apache%22+%22intitle%3A404+Not+Found%22


Oracle Webdav  
http://www.google.com/search?num=100&q=%22inurl%3Adav_public%22


Oracle Single-Sign-On Page 
http://www.google.de/search?num=100&q=%22intitle%3ASingle+SignOn%22+%22Oracle+Corporation%22+%22All+rights+reserved%22
http://www.google.com/search?num=100&hl=de&q=%22inurl%3Apls%2Forasso%22


Oracle Portal 
http://www.google.com/search?num=100&hl=de&c2coff=1&q=%22inurl%3Apls%2Fportal%22


Oracle HTMLDB 
http://www.google.com/search?num=100&q=%22inurl%3Apls%2Fhtmldb%22


Oracle Internet Directory OIDDAS 
http://www.google.com/search?q=%22inurl%3Aoiddas%22&num=100


Designer generated Web Application 
http://www.google.com/search?q=%22inurl:pls%22+%22inurl:startup%22+%22inurl:%24.%22&num=100


Oracle Enterprise Manager 
Oracle Enterprise Manager 9i 
http://www.google.com/search?q=%22inurl%3A%2Femd%2Fmain%22&num=100


Oracle Enterprise Manager 10g 
http://www.google.com/search?num=100&q=%22inurl%3A%2Fem%2Fconsole%22+%22intitle%3AOracle+Enterprise+Manager%22++Copyright+Oracle


Oracle Ultrasearch 
http://www.google.com/search?num=100&hl=de&c2coff=1&q=%22inurl%3A%2Fultrasearch%2Fquery%22


Oracle Lite 9i 
http://www.google.de/search?num=100&q=%22inurl%3Awebtogo%2Findex.html%22


Oracle JInitiator Download Page
http://www.google.de/search?num=100&q=%22inurl%3Ajinitiator%22+%22intitle%3AOracle+JInitiator%22+%22intitle%3ADownload+Page%22


Oracle mod_plsql-related


Oracle DAD Config Page 
http://www.google.de/search?num=100&q=%22inurl%3A%2Fpls%2Fadmin_%2Fgateway.htm%22


admin_/globalsettings.htm
http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin%5F%2Fglobalsettings%2Ehtm


Oracle Pages with wrong DAD configuration 
http://www.google.de/search?q=%22No+DAD+configuration+Found%22++%22DAD+Name%22&num=100


Oracle JDeveloper: 
Oracle OC4j connections.xml 
http://www.google.de/search?as_q=&num=100&as_epq=inurl%3Aconnections+xml&as_filetype=xml


Oracle JSP with error messages “at oracle.jsp” 
http://www.google.de/search?num=100&q=%22at+oracle.jsp.%22+%22Exception%3A%22+%22Request+URI%3A%22+%22JSP+Error%3A%22


Oracle JSP with error messages “at oracle.jdbc” 
http://www.google.de/search?num=100&q=%22at+oracle.jdbc%22+%22Exception%3A%22++%22JSP+Error%22


Oracle UIX Applications: 
http://www.google.de/search?q=inurl%3Auix+inurl%3Aimtapp&num=100
Oracle Web Conferencing: 
http://www.google.de/search?num=100&q=%22inurl%3A%2Fimtapp%22+Conference


OracleAS Wireless Portal: 
http://www.google.de/search?q=%22inurl%3Aptg%2Frm%22&num=100


Oracle iLearning: 
http://www.google.de/search?num=100&q=%22inurl%3A%2Filearn%2Fen%22
Oracle FilesOnline: 
http://www.google.de/search?num=100&q=%22inurl%3A%2Ffiles%2Fapp%2FHomePage%22


Oracle iStore: 
http://www.google.com/search?num=100&q=%22inurl%3A%2FOA_HTML%2F%22


Oracle CRM Login Page: 
http://www.google.de/search?num=100&q=%22inurl%3A%2FOA_HTML%2Fjtflogin.jsp%22


Search Engines Used to Attack Databases:
http://www.appsecinc.com/presentations/Search_Engine_Attack_Database.pdf
Johnny Long’s Google Hacking Webpage: http://johnny.ihackstuff.com/



